HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

McAfee Study Investigates How Hackers Exfiltrate Data

A new data exfiltration study has been released by McAfee, which examines the actors and tactics used by criminals to obtain Protected Health Information and other sensitive data, in addition to effective detection and preventative measures employed by companies to thwart cyberattacks and data theft.

The report details the commonest methods used by hackers to get data out of systems once access has been gained. Most cybersecurity reports focus on how hackers manage to gain access to computer systems. McAfee has instead concentrated on the little-studied area of data exfiltration.

Participants in the study were interviewed by the company’s researchers and asked about their main security concerns, the threats they face on a day-to-day basis, and the tools used to identify data exfiltration. They were also asked to provide details of how data were actually exfiltrated.

The results of the study provide IT professionals around the world with valuable intel, which can be used to determine the most important measures to address security risks and prevent data theft and loss.

Out of the companies taking part in the survey, McAfee discovered that on average each had suffered six “significant security breaches.” In 68% of cases, the attacks were serious enough to warrant breach notifications being issued to affected individuals.

While U.S. companies have suffered a great many data breaches in recent months, the survey data show that companies in the Asia-Pacific region have been worst hit. U.S. enterprises, along with those in the UK, were the least affected.

Key Findings of the ‘Grand Theft Data’ Study


IT professionals are right to concentrate resources on cybersecurity defenses, as 57% of attacks came from malicious outsiders; however, the threat from within should not be ignored. 43% of data exfiltrations came from internal actors such as disgruntled employees, although half of data loss incidents were caused by accident.

In 64% of cases, IT security professionals quizzed in the study believed that data loss could have been prevented had Data Loss Prevention (DLP) technology been employed prior to the breach. Unfortunately, the decision to use DLP technologies was all too often only made after companies had experienced a serious data breach. This should serve as a warning to all organizations to strongly consider locking the barn door before the horse has bolted.

In the majority of cases it was not company secrets that hackers were attempting to steal. That data may have value, but it is customer, patient and employee information which is most commonly sought. 62% of worldwide breaches involved criminals stealing this type of data. In North America, 31% of data exfiltrations involved customer information, with employee information stolen in 32% of data breaches. In the U.S., attacks resulted in data theft in 84% of cases, 80% in the UK, but 90% in the Asia-Pacific region.

Data Exfiltration


The loss and theft of physical storage devices continues to plague enterprises. Loss and theft of storage devices, laptop computers and tablets accounted for 40% of data exfiltrations. Data exfiltration was achieved via file transfer or tunneling protocols (FTP/SCP) in 25% of cases, with Microsoft Office documents the most common formats of stolen data, accounting for 32% of data exfiltrations.

Experience Counts


When it comes to protecting against data breaches, the experience of IT security professionals employed to safeguard computer networks plays a big part in whether attacks are successful. McAfee found that IT security professionals having 5 years+ experience working with a particular employer corresponded to a much lower risk of data exfiltration. Retaining experienced members of IT security staff can therefore reduce the risk of data theft and loss, while the use of DLP technologies was found to result in faster detection of cybersecurity attacks and helped to prevent data theft.

How Data is Exfiltrated


Laptops and tablets are the physical media most at risk from external actors, being involved in 13% of data exfiltrations and 11% of exfiltrations by internal actors, the latter favoring USB drives (16%). The electronic methods most exploited are web protocols, accounting for 16% of data exfiltrations from both internal and external actors. File transfer protocols were second, closely followed by email.

Organizations operating Bring Your Own Device (BYOD) schemes were found to face a high risk of data theft/loss, with mobile phone theft discovered to be involved in 15% of cases of physical device theft.

Vulnerability of Data Stored in the Cloud


There is a common perception that the cloud is particularly susceptible to attack. While security vulnerabilities do exist, the cloud appears to be more secure than many IT professionals believe. Regardless, it is a source of great anxiety for IT professionals. The report suggests that in reality, cloud applications pose no greater risk than internal storage systems.

However, this is not necessarily due to there being fewer security vulnerabilities. The study found that security professionals who adopted cloud services were likely to be very familiar with the technologies that can be used to protect cloud-stored data and cloud applications, and were likely to have employed numerous technologies to secure their cloud-based applications.



In order to prevent data breaches, robust cybersecurity and physical defenses should be deployed; however, it is also important to use Data Loss Prevention technologies to prevent data exfiltration. The study found a strong correlation between the use of DLP and intrusion detection systems and the prevention of data exfiltration. That said, it is vital that these systems are correctly configured. If they remain in their default passive mode, or are only used to monitor networks, they will do little to prevent data exfiltration.

The McAfee ‘Grand Theft Data’ Study can be downloaded here.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.